SamSam ransomware has remained active, targeting 67 different organizations in 2018 alone.
According to research from Symantec Corp., the group behind the SamSam ransomware, Ransom.SamSam, has continued its nefarious activities, primarily in the United States. The threat group targets a variety of sectors, but the highest concentration was in healthcare, with 24% of the attacks.
"Why healthcare was a particular focus remains unknown. The attackers may believe that healthcare organizations are easier to infect," wrote Symantec's Security Response Attack Investigation Team in a blog post. "Or they may believe that these organizations are more likely to pay the ransom."
Symantec also said that the group targeted local government organizations in the U.S., at least one of which administers elections.
"With the midterm elections in the U.S. taking place on November 6, the focus is naturally on cyber information operations and threats to voting data integrity," Symantec's team wrote. "However, ransomware campaigns such as SamSam can also be significantly disruptive to government organizations and their operations."
The security company also found that 56 of the 67 SamSam ransomware targets in 2018 were located in the U.S. The rest were in Portugal, France, Australia, Ireland and Israel.
SamSam ransomware attacks are highly targeted. The threat actor group behind the ransomware hacks into victim systems directly using living-off-the-land techniques. That is, it uses legitimate system administration and penetration testing tools to infiltrate the network without detection, and does so in real time.
"The SamSam group's modus operandi is to gain access to an organization's network, spend time performing reconnaissance by mapping out the network, before encrypting as many computers as possible and presenting the organization with a single ransom demand," Symantec's researchers wrote.
In July 2018, Sophos researchers reported that the SamSam ransomware campaign -- which has been active since 2016 -- had earned nearly $6 million in ransom money, which was paid in bitcoin. The Sophos researchers found that about one in every four targets pays the ransom.
SamSam ransomware is known to have been used in an attack on the Colorado Department of Transportation earlier this year, costing the department $1.5 million, and is also suspected to be behind the attack on the city of Atlanta in March 2018, which shut down several of the city's departments.
"SamSam continues to pose a grave threat to organizations in the U.S.," Symantec said. "The group is skilled and resourceful, capable of using tactics and tools more commonly seen in espionage attacks."
In other news
- Last year, after its massive data breach, Equifax offered free credit monitoring services to all affected customers for a year. According to a report from cybersecurity journalist Brian Krebs, Equifax plans to extend that offer through its competitor, Experian. To make this happen, Equifax will share customer data with its competing credit bureau, including the name, address, birthdate, Social Security number, phone number and email address for anyone who signed up for the original free credit monitoring service through TrustedID. Equifax said Experian will only use that information to confirm the identity of all TrustedID customers whether or not they opt out of the offering from Experian. The Equifax data breach of 2017 exposed the personal information of over 145 million consumers. Experian itself is not unmarred, having suffered its own data breach in 2013.
- Cybersecurity company Carbon Black released a report that found millions of U.S. voter records up for sale on the dark web. The Carbon Black researchers found the voter databases of 20 different states for sale, and noted that several of the states are swing states. The information for sale includes voter IDs, full names, current and previous addresses, genders, phone numbers and citizenship statuses. With this information, malicious purchasers could create targeted campaign advertisements and potentially influence how individuals vote. According to the report, the seller has a total of 81,534,624 voter records. The largest caches of records are from New York, with 15 million voter records for sale, and from Florida, with 12.5 million records for sale.